Lindsey Tonsager, Libbie Canter, Jayne Ponder, and Sierra Stubbs of Covington and Burling write:
Following the approach taken by the Kentucky and Connecticut legislatures this spring, Oregon has amended its comprehensive privacy statute to implement changes to the law. Specifically, the amendment extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers. Beginning on January 1, 2026, the statute’s cure provision will only apply to controllers that are a “noncommercial educational broadcast station, as defined in 47 U.S.C. 397” and that (1) receive funding from the Corporation for Public Broadcasting and (2) distribute the entity’s journalism content without cost to recipients.
Separately, the amendment will create a new provision in the state’s criminal code to add the “crime of unlawful disclosure of personal information.”
Read more at Inside Privacy.